Linux WAN Routers

Here's another great use for Linux; Mr. Mancill tells us why his company picked Linux routers over the big names.

Every time I deploy a Linux system for my
company, the phrase “Linux in a production environment? It'll
never happen,” stills echoes through my head. At a previous
employer, this was the pat answer to all of my queries as to when
we could try Linux out in our product evaluation lab. I have since
had the chance to use Linux to solve real-life problems, and I am
ready to report—“It happens every day!”

This article will discuss the advantages of Linux-based WAN
routers in terms of total cost of ownership. Although many
technicians may find this approach unsavory (it certainly does not
appeal to the idealist in me), the truth is that most finance
departments are rarely interested in the technical elegance or
excellence of their IT departments. In the eyes of those signing
the checks, value is more important. Cost includes not just
hardware and software, but all related personnel and maintenance
costs.

In today's penny-conscious corporate environment, technicians
need to be cognizant of the fact many companies offer routing as a
service, which may (at least on paper) look less expensive than
your salary and equipment. Therefore, it makes good sense for
network administrators to remain conscious of the value they are
providing their employer. If you are a solutions-provider, this
article may help you increase your profit. And for those operating
with a limited budget, deploying Linux routers may be the only
choice for connecting sites to each other or to the
Internet.

Costs aside, in my opinion Linux routers do possess technical
elegance and excellence. I will focus on the functional
“niceties” of this platform—plus some day-to-day experiences.
For those of you already familiar with Linux, it might be
interesting to see how it is being used in a 24x7 production
environment. For those not yet using Linux, this article will
acquaint you with some of the possible applications of this
versatile and stable platform.

Figure 1. WANPIPE S508/FT1 Card

From this point on, the term “Linux router” will be used to
refer to an x86-based PC running Debian/GNU Linux and outfitted
with Sangoma's WANPIPE S508 router card (Figure 1). After using
this platform as an alternative to “BigName” traditional routers
for more than 18 months for frame-relay and Internet routers, I am
a strong proponent of this solution.

Cost

Linux routers are economical both in terms of hard costs and
the associated hidden costs in providing a routing infrastructure.
These costs include:

Telco access (+ usage-based charges where
applicable)

Router hardware

Router software, upgrades and support

Personnel costs, including salary, training and
maintaining the router during day-to-day operations for both
troubleshooting and upgrades

Lost productivity and revenue due to downtime—in
the holistic view of your company's management, often quite
expensive

For usage-based access methods (e.g., most types of ISDN),
monthly costs depend upon the connect-time. In this case, it is
beneficial to control when and for what reason a connection is
initiated. Many routers cannot provide this sort of control at all;
a Linux router comes equipped with schedulers and scripting
languages.

Router hardware costs can vary wildly, depending upon the
interface types and speeds, protocols supported, capabilities
provided (such as packet-filtering) and switching speed. For less
than the cost of the least expensive traditional router that
supports a V.35 interface, you can have equivalent connectivity
with superior functionality and supportability using a Linux
router.

An easily overlooked cost of working with digital circuits
(other than ISDN) is the CSU/DSU, which is used to interface your
router to your telco access. This device understands the signaling
on the digital access line, e.g., a T-1, and converts it into a bit
stream on a V.35 interface. They can be expensive. The Sangoma S508
is offered with an integrated CSU/DSU which saves money and makes
cabling and mounting easier.

The cost of router software, hardware and software upgrades,
as well as the cost of yearly support agreements for router
hardware and software, can be significant. (Traditional support is
often 10 to 15% or more of the new price of the hardware per year.)
These costs approach zero for the Linux router solution. The
operating system, including tools and upgrades, is free. The PC
hardware is inexpensive, and because the requirements are so modest
it can often be inherited from others trying to upgrade their
desktops for more horsepower. (All of my systems are
“hand-me-downs”.)

Even more important than the base hardware costs, Linux
routers offer investment protection since you have a clear upgrade
path for all aspects of your router. Additional links can be added
for cost of another Sangoma card. Mixing links and media types is
simple and inexpensive. For example, if you wish to upgrade your
LAN backbone to 100Mbps or to ATM, adapters for our BigName router
cost about $4000.00 each, but for Linux any decent 100Mbps Ethernet
card will work fine. Faster switching is merely a motherboard/CPU
upgrade.

Now and then someone will quip that a PC is not fast enough
to be a WAN router. I think this statement shows a lack of
imagination. If this were true, there would be no point in having
100Mbps Ethernet cards. How can you expect your desktop to send or
receive packets at 100Mbps when it is not able to read+send packets
arriving at 1/100th of that rate?

Packet-filtering, address translation (IP-masquerading) and
proxying are often add-ons for traditional routers. By contrast,
adding this functionality to a Linux router is free, and easier to
install and manage.

BigName router software upgrades can be time-consuming.
Unless you have spare BigName routers, practicing your upgrade is
not an option. This is even worse when you have both “BigName X”
and “BigName Y” routers. Different procedures, different problems
and phone support for any of them can be expensive. Having more
than one closed-system router vendor also means more money for
training and more “fragmentation” of the skill-sets of your
support staff. Instead of three capable generalists, you have one
person trained for X, one for Y and a third who tries to keep
up.

This leads to another part of the cost of providing routing
services. How much does it cost to have people tend to the
environment? Salary, training, time spent configuring, developing
reports, upgrading and troubleshooting are all part of the total
cost of ownership. I would say that this is the most important
reason to seriously consider Linux as a router platform. First of
all, there is an ever-increasing supply of talent that has
experience with Linux. This keeps salaries for support staff
reasonable. (Try to find enough money to hire a BigName
specialist.) Even salty UNIX administrators feel at home on Linux
systems, once again increasing the resource pool, providing backup
support and easing cross-training within your IT department. This
element of commonality cannot be stressed enough. Secondly,
configuring a Linux router uses the same tools as configuring the
network card on any UNIX system. Anyone who feels comfortable at a
shell prompt and understands TCP/IP is a potential resource. This
is important, because at some point, your environment will need
support.

Maintenance of WAN networks tends to be infrequent but
intense. Problems tend to occur at 2:00AM six months after you last
touched your BigName router. (You are most likely at home, sitting
in your bathrobe, dialed-in to your office. What are the chances
you have the manuals at hand?) By contrast, a Linux router uses
many of the same tools you work with every day, and you have all of
the documentation on-line in the form of man pages or text files.
You may not have worked with the router for a while, but you use
ifconfig and look at
/var/log/messages each day. Even the hardware-specific tools tend
to be more fully featured and easier to use. For instance, Figure 2
is a screen showing Linux PPP statistics as monitored from an
attached workstation.

Figure 2. Screenshot of Linux PPP Monitoring on Attached
Workstation

For day-to-day troubleshooting, you have a whole suite of
tools at your fingertips that you can use to hack your way around
the problem. And because these tools are familiar, your problem
resolution time is shorter. A keep-alive ping
script may not be the prettiest solution, but it will keep you out
of reactive mode long enough to research the real problem. When I
was younger and very naive, I believed that when you bought a piece
of hardware or software from a BigName it was fully debugged. This
is ridiculous—all code has bugs in it. The real question is—what
options do you have to deal with these bugs?

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.